TR/Trash.Gen [trojan]

How is the machine running now?

Hello

The problem related with the virus itself about system audio was solved, and apparently had to do with
the situation related with ghostly files (like slides) in My Documents and in some of the folders like (My music,videos, ) and in the EMule's Incoming folder. A malware folder called RECYCLER. But didn't any checking I made find a problem.
Yes, you were right, when I deleted Emule all of these folders were gone permanently.
I really thank you for your patience and your help.

Another problem is that the computer is slower than normal? But don't if I have to open a new topic.

Thanks a lot!!!!!
Sebastian

Hello.
Looking from your logs, you have 2GB RAM and 1GB of it is being used so I am guessing you have a lot of programs running in the background

Please download the current version of HijackThis from HERE

• Double click and run the installer.
  
• It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  
• After installing, you should get the user agreement, press accept and Hijack This will run.
  
• Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.
  

Hello

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 08:25:39 p.m., on 16/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Archivos de programa\Winamp\winampa.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe
C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Archivos de programa\uTorrent\uTorrent.exe
C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Messenger\msmsgs.exe
C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
C:\Archivos de programa\Java\jre6\bin\jqs.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Archivos de programa\eMule\emule.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com.ar/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gooofullsearch.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: Softonic ES Toolbar - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Archivos de programa\Archivos comunes\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9c905b42-976e-43c1-bc30-fc5937017909} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Archivos de programa\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Softonic ES Toolbar - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Archivos de programa\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Archivos de programa\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f592709f-ff4a-4862-b659-4afabda56312} - (no file)
O3 - Toolbar: Softonic ES Toolbar - {c2ed826e-8903-4a9d-b0df-3a8fb8ea918a} - C:\Archivos de programa\Softonic_ES\tbSof1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Archivos de programa\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Archivos de programa\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Archivos de programa\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIV~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Archivos de programa\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Archivos de programa\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Precargador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Demonio de caché de las categorías de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Archivos de programa\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servicio del administrador de discos lógicos (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Registro de sucesos (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Unknown owner - C:\Archivos de programa\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Archivos de programa\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio COM de grabación de CD de IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Archivos de programa\Java\jre6\bin\jqs.exe
O23 - Service: Escritorio remoto compartido de NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Administrador de sesión de Ayuda de escritorio remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Tarjeta inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Registros y alertas de rendimiento (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Instantáneas de volumen (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Adaptador de rendimiento de WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Servicio de uso compartido de red del Reproductor de Windows Media (WMPNetworkSvc) - Unknown owner - C:\Archivos de programa\Windows Media Player\WMPNetwk.exe

--
End of file - 10193 bytes

Hello.

• Open HijackThis
  
• Choose "Do a system scan only"
  
• Check the boxes in front of these lines:
  
  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
  O2 - BHO: (no name) - {9c905b42-976e-43c1-bc30-fc5937017909} - (no file)
  O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
  O2 - BHO: (no name) - {f592709f-ff4a-4862-b659-4afabda56312} - (no file)
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
  O4 - HKLM\..\Run: [WinampAgent] "C:\Archivos de programa\Winamp\winampa.exe"
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Archivos comunes\Java\Java Update\jusched.exe"
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Archivos de programa\Archivos comunes\Adobe\ARM\1.0\AdobeARM.exe"
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
  O4 - HKCU\..\Run: [msnmsgr] "C:\ARCHIV~1\MSNMES~1\msnmsgr.exe" /background
  O4 - HKCU\..\Run: [swg] "C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
  O4 - HKCU\..\Run: [uTorrent] "C:\Archivos de programa\uTorrent\uTorrent.exe"
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
  O4 - HKCU\..\Run: [MSMSGS] "C:\Archivos de programa\Messenger\msmsgs.exe" /background
  O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
  
  
  
  
• Press "Fix Checked"
  
• Close Hijack This.
  

Reboot normally.

How is the machine running now?

Hello

Takes time to connect and load a web page and now a couple of times I got the message "Internet Explorer can't show the web page". And is page a whick I check regularly and is always available, but seems to connect, showing like a green bottom color and then the message.

And when I went to see my football team web page, and the video links (java maybe) weren't available.

And these options weren't available to mark in Hijackthis:

O2 - BHO: (no name) - {9c905b42-976e-43c1-bc30-fc5937017909} - (no file)
O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: (no name) - {f592709f-ff4a-4862-b659-4afabda56312} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime

Thanks.

Hello

It's still infected with the RECYCLER. I sent you Mbam log before to remove them, but of course come back. I think after rebooting the PC.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4408

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

17/08/2010 02:21:16 a.m.
mbam-log-2010-08-17 (02-21-16).txt

Scan type: Quick scan
Objects scanned: 130620
Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-1-5-21-1993962763-1708537768-725345543-1003\Dc31\setup.exe (Adware.Agent) -> No action taken.

Hello.

Please run OTL.exe.

• Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  :commands
  [emptytemp]
  [reboot]
  
  
  
• Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  
  
• Click the red Run Fix button.
  
• A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  
• Close OTL.exe
  

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Hello

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrador
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: yo
->Temp folder emptied: 1271512 bytes
->Temporary Internet Files folder emptied: 1618587284 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29289492 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 13665 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134225 bytes
%systemroot%\System32 .tmp files removed: 2909 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98844 bytes
RecycleBin emptied: 1339391630 bytes

Total Files Cleaned = 2.852,00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 08172010_164313

Files\Folders moved on Reboot...
C:\Documents and Settings\yo\Configuración local\Temp\Google Toolbar\GoogleToolbarWelcome.log moved successfully.
C:\Documents and Settings\yo\Configuración local\Archivos temporales de Internet\Content.IE5\I8UFOYX0\blank[2].htm moved successfully.
C:\Documents and Settings\yo\Configuración local\Archivos temporales de Internet\Content.IE5\GZDU1IA5\fc[1].htm moved successfully.
C:\Documents and Settings\yo\Configuración local\Archivos temporales de Internet\Content.IE5\GZDU1IA5\st[1] moved successfully.
C:\Documents and Settings\yo\Configuración local\Archivos temporales de Internet\Content.IE5\GZDU1IA5\tr-trashgen-trojan-t23185-15[1].htm moved successfully.
C:\Documents and Settings\yo\Configuración local\Archivos temporales de Internet\Content.IE5\EDNL4PDB\blank[1].htm moved successfully.
C:\Documents and Settings\yo\Configuración local\Archivos temporales de Internet\Content.IE5\EBJDTVLW\launch[1].htm moved successfully.
C:\Documents and Settings\yo\Configuración local\Archivos temporales de Internet\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

How is the machine running now?

Hello

very bad
No sound, no keyboard. I had to change the keyboard USB port. And when I try to close or minimize some windows is like not working, like freezing and after a time it works.
I'm very confused.
And Avira found yesterday the TR/Trash. Gen A0006184.exe again, moved to quarantine but it's like coming again?

Hello.

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Does Avira still say it now?

Hello

No, not now.
And the sound and the keyboard are working OK, but from time to time, I have to change the keyboard USB connection to another USB port, and then, the problem is solved, but then, after a time, happen again. And the same with the sound system. Normally if I reboot the PC the sound comes back. It's happening long time ago.

What to do next?
Is the problem solved?

Cheers

Hi.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Hello

Firstly I run it directly by mistake because I couldn't find the file path, and then as was never finishing to create a log, I thought I did it something wrong and then I tried to stop it, and finally I did it disconnecting energy supply.
But, then, I found the path of the commy file, and I follow your instructions. And this time the log came very quick.


ComboFix 10-08-18.04 - yo 20/08/2010 3:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2037.1491 [GMT -3:00]
Running from: c:\documents and settings\yo\escritorio\commy.exe
Command switches used :: /stepdel
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\archivos de programa\\setup.exe
c:\archivos de programa\Setup.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-20 to 2010-08-20 )))))))))))))))))))))))))))))))
.

2010-08-19 20:53 . 2010-08-19 20:54 -------- d-----w- c:\archivos de programa\memtest86+-4.10.usb.installer
2010-08-19 20:53 . 2010-08-19 20:53 144308 ----a-w- c:\archivos de programa\memtest86+-4.10.usb.installer.zip
2010-08-18 19:15 . 2010-08-18 19:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
2010-08-17 19:43 . 2010-08-17 19:43 -------- d-----w- C:\_OTL
2010-08-17 06:58 . 2010-08-17 06:58 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2010-08-15 20:04 . 2010-08-15 20:04 260384 ----a-w- c:\archivos de programa\SoftonicDownloader22897.exe
2010-08-15 07:27 . 2010-08-15 07:27 -------- d-----w- c:\documents and settings\yo\Datos de programa\.oit
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\GlarySoft
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\archivos de programa\Glary Undelete
2010-08-15 05:57 . 2010-08-15 05:57 3354016 ----a-w- c:\archivos de programa\gunsetup.exe
2010-08-15 05:54 . 2010-08-15 05:54 260400 ----a-w- c:\archivos de programa\SoftonicDownloader70493.exe
2010-08-15 03:36 . 2010-08-15 03:36 -------- d-----w- c:\archivos de programa\ESET
2010-08-14 19:28 . 2010-08-14 19:28 -------- d-----w- c:\archivos de programa\SoftLogica
2010-08-14 19:27 . 2010-08-14 19:28 1676456 ----a-w- c:\archivos de programa\handyrecovery4.exe
2010-08-14 18:33 . 2010-08-14 18:33 260400 ----a-w- c:\archivos de programa\SoftonicDownloader32483.exe
2010-08-14 17:05 . 2010-08-14 17:05 -------- d-----w- c:\archivos de programa\Kroll Ontrack
2010-08-14 17:01 . 2010-08-14 17:04 45192311 ----a-w- c:\archivos de programa\erprot.exe
2010-08-14 17:00 . 2010-08-14 17:00 260424 ----a-w- c:\archivos de programa\SoftonicDownloader12296.exe
2010-08-14 04:22 . 2010-08-14 04:22 -------- d-----w- c:\documents and settings\yo\Datos de programa\Apple Computer
2010-08-14 03:44 . 2010-08-18 19:15 -------- d-----w- c:\archivos de programa\QuickTime
2010-08-14 03:44 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2010-08-14 03:43 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Apple Software Update
2010-08-14 03:43 . 2010-08-14 03:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple
2010-08-13 22:18 . 2010-08-13 22:18 388096 ----a-r- c:\documents and settings\yo\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-08-13 22:18 . 2010-08-13 22:18 -------- d-----w- c:\archivos de programa\TrendMicro
2010-08-13 22:15 . 2010-08-13 22:15 1401344 ----a-w- c:\archivos de programa\HijackThis.msi
2010-08-08 22:19 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 22:18 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 20:40 . 2010-08-08 20:40 6153352 ----a-w- c:\archivos de programa\mbam-setup-1.46.exe
2010-08-06 19:48 . 2010-08-06 19:48 -------- d-----w- c:\windows\Sun
2010-08-06 07:09 . 2010-08-07 05:09 -------- d-----w- c:\documents and settings\yo\Datos de programa\Youtube Downloader HD
2010-08-06 07:09 . 2010-08-06 07:09 -------- d-----w- c:\archivos de programa\Youtube Downloader HD
2010-08-06 07:08 . 2010-08-06 07:08 3513989 ----a-w- c:\archivos de programa\youtube_downloader_hd_setup.exe
2010-08-05 04:40 . 2010-08-05 04:40 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcp71.dll
2010-08-05 04:40 . 2010-08-05 04:40 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\jmc.dll
2010-08-05 04:40 . 2010-08-05 04:40 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcr71.dll
2010-08-05 04:40 . 2010-08-05 04:40 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-sse.dll
2010-08-05 04:40 . 2010-08-05 04:40 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-d3d.dll
2010-08-02 16:01 . 2010-08-02 16:01 -------- d-----w- c:\documents and settings\yo\Datos de programa\Malwarebytes
2010-08-02 16:00 . 2010-08-08 22:22 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-08-02 16:00 . 2010-08-02 16:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-07-31 08:11 . 2010-08-12 01:32 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-07-31 08:11 . 2010-08-02 21:56 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-07-30 18:22 . 2010-08-09 04:48 -------- d-----w- c:\archivos de programa\OTL
2010-07-30 05:35 . 2010-07-30 05:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- c:\archivos de programa\JavaRa
2010-07-30 05:12 . 2010-07-30 05:12 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-07-30 05:12 . 2010-07-30 05:12 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcp71.dll
2010-07-30 05:12 . 2010-07-30 05:12 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\jmc.dll
2010-07-30 05:12 . 2010-07-30 05:12 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcr71.dll
2010-07-30 05:12 . 2010-07-30 05:12 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-sse.dll
2010-07-30 05:12 . 2010-07-30 05:12 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-d3d.dll
2010-07-30 05:12 . 2010-07-30 05:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 05:11 . 2010-07-30 05:11 -------- d-----w- c:\archivos de programa\Java
2010-07-30 01:56 . 2010-07-30 01:56 -------- d-----w- c:\documents and settings\NetworkService\Escritorio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-20 06:37 . 2009-07-14 23:06 -------- d-----w- c:\documents and settings\yo\Datos de programa\uTorrent
2010-08-19 15:32 . 2009-03-13 17:04 -------- d-----w- c:\documents and settings\yo\Datos de programa\dvdcss
2010-08-19 04:49 . 2009-03-13 15:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\Vso
2010-08-17 22:24 . 2008-12-09 14:13 -------- d-----w- c:\documents and settings\yo\Datos de programa\Winamp
2010-08-16 05:10 . 2008-12-09 14:28 -------- d-----w- c:\archivos de programa\eMule
2010-08-14 17:05 . 2008-12-09 14:00 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-08-14 17:04 . 2008-12-09 14:00 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
2010-08-13 01:20 . 2010-01-06 20:40 -------- d-----w- c:\archivos de programa\Ares
2010-08-12 01:21 . 2009-11-06 19:28 -------- d-----w- c:\archivos de programa\Last.fm
2010-08-11 14:45 . 2010-07-14 22:43 -------- d-----w- c:\documents and settings\yo\Datos de programa\vlc
2010-08-05 17:31 . 2010-06-22 21:21 -------- d-----w- c:\documents and settings\yo\Datos de programa\foobar2000
2010-08-05 03:44 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\Burrrn
2010-08-03 15:49 . 2008-12-09 13:57 16608 ----a-w- c:\windows\gdrv.sys
2010-08-02 22:01 . 2010-06-22 04:16 -------- d-----w- c:\archivos de programa\Monkey's Audio
2010-08-02 21:53 . 2008-12-09 14:08 -------- d-----w- c:\archivos de programa\CCleaner
2010-08-02 21:51 . 2010-07-14 22:41 -------- d-----w- c:\archivos de programa\VLC
2010-08-02 21:50 . 2010-07-07 04:10 -------- d-----w- c:\archivos de programa\EVEREST Ultimate Edition
2010-08-02 21:49 . 2010-06-22 21:21 -------- d-----w- c:\archivos de programa\foobar2000
2010-08-02 21:44 . 2010-06-19 07:18 -------- d-----w- c:\archivos de programa\Illustrate
2010-08-02 21:33 . 2008-12-09 14:13 -------- d-----w- c:\archivos de programa\Winamp
2010-08-02 21:31 . 2010-05-03 16:07 -------- d-----w- c:\archivos de programa\RemoveWGA_Victorxxx
2010-08-02 21:30 . 2010-01-24 21:48 -------- d-----w- c:\archivos de programa\Avira
2010-08-02 21:29 . 2009-03-13 15:58 -------- d-----w- c:\archivos de programa\VSO
2010-08-02 21:25 . 2010-02-04 19:01 -------- d-----w- c:\archivos de programa\VirtualDub-1.9.8
2010-08-02 21:22 . 2010-06-19 00:19 -------- d-----w- c:\archivos de programa\TotalAudioConverter
2010-07-31 07:20 . 2008-12-09 14:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-07-30 05:32 . 2009-11-02 23:42 -------- d-----w- c:\archivos de programa\VDOWNLOADER
2010-07-23 15:24 . 2010-05-03 15:17 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2010
2010-07-17 22:16 . 2010-07-17 22:16 54744 ----a-w- c:\documents and settings\All Users\Datos de programa\WidgetServer\uninst.exe
2010-07-17 22:16 . 2010-07-17 22:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\WidgetServer
2010-07-16 21:45 . 2010-06-03 23:51 -------- d-----w- c:\archivos de programa\Winamp Detect
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Winamp Toolbar
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\archivos de programa\Winamp Toolbar
2010-07-16 05:23 . 2001-08-24 10:00 51286 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-16 05:23 . 2001-08-24 10:00 362564 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-15 18:10 . 2010-07-15 18:10 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2010-07-14 20:11 . 2010-07-14 19:49 -------- d-----w- c:\archivos de programa\RealArcade
2010-07-12 20:27 . 2010-07-12 20:27 3299 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-12 20:26 . 2010-06-18 01:31 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-06 11:57 . 2010-05-03 15:18 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-07-06 11:52 . 2010-07-02 05:53 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-07-02 02:57 . 2010-07-02 02:57 -------- d-----w- c:\documents and settings\All Users\Datos de programa\McAfee
2010-06-30 12:32 . 2004-08-19 13:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 03:25 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\burrrn_1.13
2010-06-25 16:20 . 2010-06-25 16:20 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb264.tmp.exe
2010-06-24 20:37 . 2010-06-24 20:37 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb22D.tmp.exe
2010-06-24 12:15 . 2004-08-19 13:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-19 13:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-19 13:41 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-19 13:30 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 16:10 . 2010-06-23 16:10 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb1C0.tmp.exe
2010-06-23 02:47 . 2010-06-23 02:47 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb13B.tmp.exe
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:05 . 2010-06-21 03:33 3151 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-06-21 03:32 . 2010-06-21 03:32 3026 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-06-21 03:27 . 2010-06-21 03:27 15349 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-06-17 14:03 . 2004-08-19 13:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 21:35 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-14 21:33 . 2010-06-14 21:33 259072 ----a-w- c:\archivos de programa\Half-open_limit_fix_4.1.exe
2010-06-14 21:06 . 2010-06-14 21:06 260416 ----a-w- c:\archivos de programa\SoftonicDownloader81240.exe
2010-06-14 14:31 . 2008-12-09 13:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-19 13:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 19:31 . 2010-06-04 19:31 299864 ----a-w- c:\archivos de programa\dxwebsetup.exe
.

------- Sigcheck -------

[-] 2010-06-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\archivos de programa\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-05-10 2515552]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2010-05-10 17:39 2515552 ----a-w- c:\archivos de programa\Softonic_ES\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-05-10 2515552]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\archivos de programa\Softonic_ES\tbSof1.dll" [2010-05-10 2515552]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 68856]
"uTorrent"="c:\archivos de programa\uTorrent\uTorrent.exe" [2009-07-15 288048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\archivos de programa\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\archivos de programa\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48312:UDP"= 48312:UDP:emule puerto
"45113:TCP"= 45113:TCP:emule puerto

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [24/01/2010 06:48 p.m. 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [06/07/2010 08:55 a.m. 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 05:24 a.m. 10064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [03/02/2010 02:55 p.m. 135664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com.ar/
mStart Page = hxxp://www.gooofullsearch.com/
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.gooofullsearch.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-WgaLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-20 03:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-08-20 03:39:22
ComboFix-quarantined-files.txt 2010-08-20 06:39

Pre-Run: 111.494.111.232 bytes libres
Post-Run: 111.510.638.592 bytes libres

- - End Of File - - E6986F70A2103C9A126DFB97DB6835E8

Hi.

Re-running ComboFix to remove infections:

1. Close any open browsers.
   
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
3. Open notepad and copy/paste the text in the quotebox below into it:
   

   
   
   KillAll::
   
   TDL::
   c:\windows\system32\drivers\tcpip.sys
   
   Reboot::
   
   
   

4. Save this as CFScript.txt, in the same location as ComboFix.exe
   
   
   
   
5. Referring to the picture above, drag CFScript into ComboFix.exe
   
6. When finished, it shall produce a log for you at C:\ComboFix.txt
   
7. Please post the contents of the log in your next reply.

Hello

ComboFix 10-08-18.04 - yo 21/08/2010 2:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.34.3082.18.2037.1564 [GMT -3:00]
Running from: c:\documents and settings\yo\Escritorio\commy.exe
Command switches used :: c:\documents and settings\yo\Escritorio\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-19 20:53 . 2010-08-19 20:54 -------- d-----w- c:\archivos de programa\memtest86+-4.10.usb.installer
2010-08-19 20:53 . 2010-08-19 20:53 144308 ----a-w- c:\archivos de programa\memtest86+-4.10.usb.installer.zip
2010-08-18 19:15 . 2010-08-18 19:15 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple Computer
2010-08-17 19:43 . 2010-08-17 19:43 -------- d-----w- C:\_OTL
2010-08-17 06:58 . 2010-08-17 06:58 -------- d-----w- c:\documents and settings\Administrador\Datos de programa\Malwarebytes
2010-08-15 20:04 . 2010-08-15 20:04 260384 ----a-w- c:\archivos de programa\SoftonicDownloader22897.exe
2010-08-15 07:27 . 2010-08-15 07:27 -------- d-----w- c:\documents and settings\yo\Datos de programa\.oit
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\GlarySoft
2010-08-15 05:58 . 2010-08-15 05:58 -------- d-----w- c:\archivos de programa\Glary Undelete
2010-08-15 05:57 . 2010-08-15 05:57 3354016 ----a-w- c:\archivos de programa\gunsetup.exe
2010-08-15 05:54 . 2010-08-15 05:54 260400 ----a-w- c:\archivos de programa\SoftonicDownloader70493.exe
2010-08-15 03:36 . 2010-08-15 03:36 -------- d-----w- c:\archivos de programa\ESET
2010-08-14 19:28 . 2010-08-14 19:28 -------- d-----w- c:\archivos de programa\SoftLogica
2010-08-14 19:27 . 2010-08-14 19:28 1676456 ----a-w- c:\archivos de programa\handyrecovery4.exe
2010-08-14 18:33 . 2010-08-14 18:33 260400 ----a-w- c:\archivos de programa\SoftonicDownloader32483.exe
2010-08-14 17:05 . 2010-08-14 17:05 -------- d-----w- c:\archivos de programa\Kroll Ontrack
2010-08-14 17:01 . 2010-08-14 17:04 45192311 ----a-w- c:\archivos de programa\erprot.exe
2010-08-14 17:00 . 2010-08-14 17:00 260424 ----a-w- c:\archivos de programa\SoftonicDownloader12296.exe
2010-08-14 04:22 . 2010-08-14 04:22 -------- d-----w- c:\documents and settings\yo\Datos de programa\Apple Computer
2010-08-14 03:44 . 2010-08-18 19:15 -------- d-----w- c:\archivos de programa\QuickTime
2010-08-14 03:44 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Archivos comunes\Apple
2010-08-14 03:43 . 2010-08-14 03:44 -------- d-----w- c:\archivos de programa\Apple Software Update
2010-08-14 03:43 . 2010-08-14 03:43 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Apple
2010-08-13 22:18 . 2010-08-13 22:18 388096 ----a-r- c:\documents and settings\yo\Datos de programa\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-08-13 22:18 . 2010-08-13 22:18 -------- d-----w- c:\archivos de programa\TrendMicro
2010-08-13 22:15 . 2010-08-13 22:15 1401344 ----a-w- c:\archivos de programa\HijackThis.msi
2010-08-08 22:19 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-08 22:18 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-08 20:40 . 2010-08-08 20:40 6153352 ----a-w- c:\archivos de programa\mbam-setup-1.46.exe
2010-08-06 19:48 . 2010-08-06 19:48 -------- d-----w- c:\windows\Sun
2010-08-06 07:09 . 2010-08-07 05:09 -------- d-----w- c:\documents and settings\yo\Datos de programa\Youtube Downloader HD
2010-08-06 07:09 . 2010-08-06 07:09 -------- d-----w- c:\archivos de programa\Youtube Downloader HD
2010-08-06 07:08 . 2010-08-06 07:08 3513989 ----a-w- c:\archivos de programa\youtube_downloader_hd_setup.exe
2010-08-05 04:40 . 2010-08-05 04:40 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcp71.dll
2010-08-05 04:40 . 2010-08-05 04:40 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\jmc.dll
2010-08-05 04:40 . 2010-08-05 04:40 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4f72e18e-n\msvcr71.dll
2010-08-05 04:40 . 2010-08-05 04:40 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-sse.dll
2010-08-05 04:40 . 2010-08-05 04:40 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-539a9a21-n\decora-d3d.dll
2010-08-02 16:01 . 2010-08-02 16:01 -------- d-----w- c:\documents and settings\yo\Datos de programa\Malwarebytes
2010-08-02 16:00 . 2010-08-08 22:22 -------- d-----w- c:\archivos de programa\Malwarebytes' Anti-Malware
2010-08-02 16:00 . 2010-08-02 16:00 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Malwarebytes
2010-07-31 08:11 . 2010-08-12 01:32 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Spybot - Search & Destroy
2010-07-31 08:11 . 2010-08-02 21:56 -------- d-----w- c:\archivos de programa\Spybot - Search & Destroy
2010-07-30 18:22 . 2010-08-09 04:48 -------- d-----w- c:\archivos de programa\OTL
2010-07-30 05:35 . 2010-07-30 05:35 -------- d-----w- c:\archivos de programa\Archivos comunes\Adobe
2010-07-30 05:14 . 2010-07-30 05:14 -------- d-----w- c:\archivos de programa\JavaRa
2010-07-30 05:12 . 2010-07-30 05:12 -------- d-----w- c:\archivos de programa\Archivos comunes\Java
2010-07-30 05:12 . 2010-07-30 05:12 503808 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcp71.dll
2010-07-30 05:12 . 2010-07-30 05:12 499712 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\jmc.dll
2010-07-30 05:12 . 2010-07-30 05:12 348160 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-250f7da7-n\msvcr71.dll
2010-07-30 05:12 . 2010-07-30 05:12 61440 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-sse.dll
2010-07-30 05:12 . 2010-07-30 05:12 12800 ----a-w- c:\documents and settings\yo\Datos de programa\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3042ecd6-n\decora-d3d.dll
2010-07-30 05:12 . 2010-07-30 05:11 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-30 05:11 . 2010-07-30 05:11 -------- d-----w- c:\archivos de programa\Java
2010-07-30 01:56 . 2010-07-30 01:56 -------- d-----w- c:\documents and settings\NetworkService\Escritorio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 05:38 . 2009-07-14 23:06 -------- d-----w- c:\documents and settings\yo\Datos de programa\uTorrent
2010-08-20 21:46 . 2010-02-04 18:52 -------- d-----w- c:\archivos de programa\Softonic_ES
2010-08-20 13:38 . 2010-05-03 15:17 -------- d-----w- c:\archivos de programa\TuneUp Utilities 2010
2010-08-19 15:32 . 2009-03-13 17:04 -------- d-----w- c:\documents and settings\yo\Datos de programa\dvdcss
2010-08-19 04:49 . 2009-03-13 15:58 -------- d-----w- c:\documents and settings\yo\Datos de programa\Vso
2010-08-17 22:24 . 2008-12-09 14:13 -------- d-----w- c:\documents and settings\yo\Datos de programa\Winamp
2010-08-16 05:10 . 2008-12-09 14:28 -------- d-----w- c:\archivos de programa\eMule
2010-08-14 17:05 . 2008-12-09 14:00 -------- d--h--w- c:\archivos de programa\InstallShield Installation Information
2010-08-14 17:04 . 2008-12-09 14:00 -------- d-----w- c:\archivos de programa\Archivos comunes\InstallShield
2010-08-13 01:20 . 2010-01-06 20:40 -------- d-----w- c:\archivos de programa\Ares
2010-08-12 19:26 . 2010-05-03 15:18 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-08-12 19:19 . 2010-07-02 05:53 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-08-12 01:21 . 2009-11-06 19:28 -------- d-----w- c:\archivos de programa\Last.fm
2010-08-11 14:45 . 2010-07-14 22:43 -------- d-----w- c:\documents and settings\yo\Datos de programa\vlc
2010-08-05 17:31 . 2010-06-22 21:21 -------- d-----w- c:\documents and settings\yo\Datos de programa\foobar2000
2010-08-05 03:44 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\Burrrn
2010-08-03 15:49 . 2008-12-09 13:57 16608 ----a-w- c:\windows\gdrv.sys
2010-08-02 22:01 . 2010-06-22 04:16 -------- d-----w- c:\archivos de programa\Monkey's Audio
2010-08-02 21:53 . 2008-12-09 14:08 -------- d-----w- c:\archivos de programa\CCleaner
2010-08-02 21:51 . 2010-07-14 22:41 -------- d-----w- c:\archivos de programa\VLC
2010-08-02 21:50 . 2010-07-07 04:10 -------- d-----w- c:\archivos de programa\EVEREST Ultimate Edition
2010-08-02 21:49 . 2010-06-22 21:21 -------- d-----w- c:\archivos de programa\foobar2000
2010-08-02 21:44 . 2010-06-19 07:18 -------- d-----w- c:\archivos de programa\Illustrate
2010-08-02 21:33 . 2008-12-09 14:13 -------- d-----w- c:\archivos de programa\Winamp
2010-08-02 21:31 . 2010-05-03 16:07 -------- d-----w- c:\archivos de programa\RemoveWGA_Victorxxx
2010-08-02 21:30 . 2010-01-24 21:48 -------- d-----w- c:\archivos de programa\Avira
2010-08-02 21:29 . 2009-03-13 15:58 -------- d-----w- c:\archivos de programa\VSO
2010-08-02 21:25 . 2010-02-04 19:01 -------- d-----w- c:\archivos de programa\VirtualDub-1.9.8
2010-08-02 21:22 . 2010-06-19 00:19 -------- d-----w- c:\archivos de programa\TotalAudioConverter
2010-07-31 07:20 . 2008-12-09 14:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Lavasoft
2010-07-30 05:32 . 2009-11-02 23:42 -------- d-----w- c:\archivos de programa\VDOWNLOADER
2010-07-17 22:16 . 2010-07-17 22:16 54744 ----a-w- c:\documents and settings\All Users\Datos de programa\WidgetServer\uninst.exe
2010-07-17 22:16 . 2010-07-17 22:16 -------- d-----w- c:\documents and settings\All Users\Datos de programa\WidgetServer
2010-07-16 21:45 . 2010-06-03 23:51 -------- d-----w- c:\archivos de programa\Winamp Detect
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\documents and settings\All Users\Datos de programa\Winamp Toolbar
2010-07-16 21:45 . 2010-07-16 21:45 -------- d-----w- c:\archivos de programa\Winamp Toolbar
2010-07-16 05:23 . 2001-08-24 10:00 51286 ----a-w- c:\windows\system32\perfc00A.dat
2010-07-16 05:23 . 2001-08-24 10:00 362564 ----a-w- c:\windows\system32\perfh00A.dat
2010-07-15 18:10 . 2010-07-15 18:10 -------- d-----w- c:\archivos de programa\Windows Media Connect 2
2010-07-14 20:11 . 2010-07-14 19:49 -------- d-----w- c:\archivos de programa\RealArcade
2010-07-12 20:27 . 2010-07-12 20:27 3299 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2010-07-12 20:26 . 2010-06-18 01:31 869608 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-07-02 02:57 . 2010-07-02 02:57 -------- d-----w- c:\documents and settings\All Users\Datos de programa\McAfee
2010-06-30 12:32 . 2004-08-19 13:42 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-28 03:25 . 2010-06-28 03:25 -------- d-----w- c:\archivos de programa\burrrn_1.13
2010-06-25 16:20 . 2010-06-25 16:20 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb264.tmp.exe
2010-06-24 20:37 . 2010-06-24 20:37 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb22D.tmp.exe
2010-06-24 12:15 . 2004-08-19 13:42 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-19 13:42 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-19 13:41 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-19 13:30 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 16:10 . 2010-06-23 16:10 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb1C0.tmp.exe
2010-06-23 02:47 . 2010-06-23 02:47 501936 ----a-w- c:\documents and settings\All Users\Datos de programa\Google\Google Toolbar\Update\gtb13B.tmp.exe
2010-06-21 15:27 . 2004-08-03 21:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-21 15:05 . 2010-06-21 03:33 3151 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
2010-06-21 03:32 . 2010-06-21 03:32 3026 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2010-06-21 03:27 . 2010-06-21 03:27 15349 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-06-17 14:03 . 2004-08-19 13:42 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 21:35 . 2004-08-03 21:14 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-14 21:33 . 2010-06-14 21:33 259072 ----a-w- c:\archivos de programa\Half-open_limit_fix_4.1.exe
2010-06-14 21:06 . 2010-06-14 21:06 260416 ----a-w- c:\archivos de programa\SoftonicDownloader81240.exe
2010-06-14 14:31 . 2008-12-09 13:50 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:42 . 2004-08-19 13:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-04 19:31 . 2010-06-04 19:31 299864 ----a-w- c:\archivos de programa\dxwebsetup.exe
.

------- Sigcheck -------

[-] 2010-06-14 . CD00787894008369F56153B91FC28847 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2010-08-20_06.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-21 05:37 . 2010-08-21 05:37 16384 c:\windows\temp\Perflib_Perfdata_1d4.dat
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\a55343ca369382122a33905d7c85c623\update\update.exe
- 2010-08-10 20:13 . 2010-02-22 14:24 764280 c:\windows\SoftwareDistribution\Download\5223781abe26bac8c269db40b449266e\update\update.exe
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\2e0fac0ea201ad36dd05526d7f006f50\update\update.exe
- 2010-08-10 20:13 . 2009-05-26 11:40 764280 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\update\update.exe
- 2010-08-10 20:13 . 2010-02-22 14:24 764280 c:\windows\SoftwareDistribution\Download\0ce8722a568559fda0b0b60725066c1b\update\update.exe
+ 2010-08-13 14:57 . 2010-08-13 14:57 919552 c:\windows\Installer\1bb39bf.msp
+ 2010-08-13 14:57 . 2010-08-13 14:57 547328 c:\windows\Installer\1bb38dd.msp
- 2010-06-14 07:40 . 2010-06-14 07:40 1172480 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\sp3qfe\msxml3.dll
- 2010-06-14 07:42 . 2010-06-14 07:42 1172480 c:\windows\SoftwareDistribution\Download\2a3aa2e80cf03d0dddb69e41a0cb1cec\sp3gdr\msxml3.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\archivos de programa\Winamp Toolbar\winamptb.dll" [2009-05-06 1262888]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2010-08-20 21:46 2734688 ----a-w- c:\archivos de programa\Softonic_ES\tbSof0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\archivos de programa\Softonic_ES\tbSof0.dll" [2010-08-20 2734688]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\archivos de programa\uTorrent\uTorrent.exe" [2009-07-15 288048]
"swg"="c:\archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\archivos de programa\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\archivos de programa\QuickTime\qttask.exe" [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\archivos de programa\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Archivos de programa\\Real Alternative\\Media Player Classic\\mplayerc.exe"=
"c:\\Archivos de programa\\uTorrent\\uTorrent.exe"=
"c:\\Archivos de programa\\MSN Messenger\\msnmsgr.exe"=
"c:\\Archivos de programa\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Archivos de programa\\eMule\\emule.exe"=
"c:\\Archivos de programa\\VLC\\vlc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"48312:UDP"= 48312:UDP:emule puerto
"45113:TCP"= 45113:TCP:emule puerto

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\archivos de programa\Avira\AntiVir Desktop\sched.exe [24/01/2010 06:48 p.m. 108289]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [12/08/2010 04:23 p.m. 1051968]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 05:24 a.m. 10064]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\archivos de programa\Google\Update\GoogleUpdate.exe [03/02/2010 02:55 p.m. 135664]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\archivos de programa\Apple Software Update\SoftwareUpdate.exe [2008-07-30 15:34]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\archivos de programa\Google\Update\GoogleUpdate.exe [2010-02-03 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com.ar/
mStart Page = hxxp://www.gooofullsearch.com/
IE: &Winamp Search - c:\documents and settings\All Users\Datos de programa\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xportar a Microsoft Excel - c:\archiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\archivos de programa\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\yo\Datos de programa\Mozilla\Firefox\Profiles\pnydudbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.gooofullsearch.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\archivos de programa\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\archivos de programa\Mozilla Firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 02:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1652)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\archivos de programa\Avira\AntiVir Desktop\avguard.exe
c:\archivos de programa\Java\jre6\bin\jqs.exe
c:\archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\archivos de programa\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Completion time: 2010-08-21 02:39:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-21 05:39
ComboFix2.txt 2010-08-20 06:39

Pre-Run: 110.902.861.824 bytes libres
Post-Run: 111.179.915.264 bytes libres

- - End Of File - - 0E6F39089D3E70C9FD24AE74C43E4985

Hi.

Please go to Kaspersky website and perform an online antivirus scan.

1. Read through the requirements and privacy statement and click on Accept button.
   
2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
   
3. When the downloads have finished, click on Settings.
   
4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
   Spyware, Adware, Dialers, and other potentially dangerous programs
   Archives
   Mail databases

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

You will see a list of infected items there. Click on Save Report As....

Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Please post this log in your next reply.

Hello

KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, August 22, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 21, 2010 10:32:30
Records in database: 4131719
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 48013
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:30:17

No threats found. Scanned area is clean.

Selected area has been scanned.

Hi.

How is your machine running now?

Hello
It's working fine.
Thank you very much to you and Belazur for your help, I appreciate all of your help.
Kindest regards
Sebastian

You're welcome, glad to help.

Your computer is now clean. Now, time to remove the tools used, and update your computer to prevent vulnerability.

Updating System Restore
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:

• Select Start > All Programs > Accessories > System tools > System Restore.
  
• On the dialogue box that appears select Create a Restore Point
  
• Click NEXT
  
• Enter a name e.g. Clean
  
• Click CREATE.

You now have a clean restore point.

To get rid of the bad ones:

• Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  
• In the Drop down box that appears select your main drive e.g. C
  
• Click OK
  
• The System will do a calculation of temporary/old files, and then display a dialogue box.
  
• Select the More Options Tab.
  
• At the bottom will be a System Restore box with a CLEANUP button click this
  
• Accept the Warning and select OK again, the program will close and you are done.

========

Removing the tools
Now, to remove all of the tools we used and the files and folders they created, please do the following:

Download OTC.exe by OldTimer:

• Save it to your Desktop.
  
• Double click OTC.exe.
  
• Click the CleanUp! button.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes.
  Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

============

Service Pack upgrade
Please consider upgrading to Windows XP SP3, because it includes all previously released updates. It also includes a small number of new functionalities. Some of the updates that Service Pack 3 provides, you may not have. It is now available via Windows Update.

More info about SP3: Here

=====

Update Programs
Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.



Please download the newest version of Java from Java.com.

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

===========

Here are some prevention tips I have provided:

1. Don't download files from untrusted websites or websites that seem suspious.

2. Don't use torrents they are a good way to get lots of malware.

3. Don't download and use cracks/warez/keygens they are illegal and are another good way to contract malware.

4. Disable autorun XP or Vista/7

5. Always make sure you have the latest Windows updates. windowsupdate.microsoft.com

6. Don't ever click on the links inside of a popup.

7. Make sure you know what you install you can make sure it is not know for being a virus by just simply searching about it on google.

8. Use a Site Advisor so you don't go to sites that will infect you. Mcafee Siteadvisor

9. Also there are many holes and flaws in Internet Explorer I recommend using Firefox 3 to keep you more safe.

10. Always keep your Java and Adobe updated.

11. Don't fall for the Scareware. What is Scareware? it is a website made to download a rogue Antivirus on your system that will scare you into buying their fake software due to false detections.

12. Always have a Firewall and a Antivirus.

Thanks for choosing GeekPolice, see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?

For more information please visit Here

Hello
I did every thing you recomend me.
Thanks a lot.

Sebastian

You're welcome, glad to help.